Information on source package tomcat6

Available versions

Release            Version
wheezy             6.0.45+dfsg-1~deb7u1
wheezy (security)  6.0.45+dfsg-1~deb7u5
jessie (security)  6.0.45+dfsg-1~deb8u1

Open issues

Bug            wheezy      jessie  Description
CVE-2017-5664  vulnerable  fixed   The error page mechanism of the Java Servlet Specification requires ...

Resolved issues

Bug                  Description
TEMP-0840685-CEF76B  TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory
CVE-2017-7675        The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and ...
CVE-2017-5648        While investigating bug 60718, it was noticed that some calls to ...
CVE-2017-5647        A bug in the handling of the pipelined requests in Apache Tomcat ...
CVE-2016-9775        The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 ...
CVE-2016-9774        The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 ...
CVE-2016-8745        A bug in the error handling of the send file code for the NIO HTTP ...
CVE-2016-8735        Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x ...
CVE-2016-6817        The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and ...
CVE-2016-6816        The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, ...
CVE-2016-6797        The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to ...
CVE-2016-6796        A malicious web application running on Apache Tomcat 9.0.0.M1 to ...
CVE-2016-6794        When a SecurityManager is configured, a web application's ability to ...
CVE-2016-6325        The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, ...
CVE-2016-5425        The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, ...
CVE-2016-5388        Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows ...
CVE-2016-5018        In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to ...
CVE-2016-1240        The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 ...
CVE-2016-0763        The setGlobalContext method in ...
CVE-2016-0762        The Realm implementations in Apache Tomcat versions 9.0.0.M1 to ...
CVE-2016-0714        The session-persistence implementation in Apache Tomcat 6.x before ...
CVE-2016-0706        Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, ...
CVE-2015-5351        The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x ...
CVE-2015-5346        Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x ...
CVE-2015-5345        The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before ...
CVE-2015-5174        Directory traversal vulnerability in RequestUtil.java in Apache Tomcat ...
CVE-2014-7810        The Expression Language (EL) implementation in Apache Tomcat 6.x ...
CVE-2014-0230        Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before ...
CVE-2014-0227        java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in ...
CVE-2014-0119        Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 ...
CVE-2014-0099        Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in ...
CVE-2014-0096        java/org/apache/catalina/servlets/DefaultServlet.java in the default ...
CVE-2014-0075        Integer overflow in the parseChunkHeader function in ...
CVE-2014-0050        MultipartStream.java in Apache Commons FileUpload before 1.3.1, as ...
CVE-2014-0033        org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat ...
CVE-2013-4590        Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before ...
CVE-2013-4322        Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before ...
CVE-2013-4286        Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before ...
CVE-2013-2067        java/org/apache/catalina/authenticator/FormAuthenticator.java in the ...
CVE-2013-2051        The Tomcat 6 DIGEST authentication functionality as used in Red Hat ...
CVE-2013-1976        The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in ...
CVE-2013-0346        ** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for ...
CVE-2012-5887        The HTTP Digest Access Authentication implementation in Apache Tomcat ...
CVE-2012-5886        The HTTP Digest Access Authentication implementation in Apache Tomcat ...
CVE-2012-5885        The replay-countermeasure functionality in the HTTP Digest Access ...
CVE-2012-5568        Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...
CVE-2012-4534        org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x ...
CVE-2012-4431        org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat ...
CVE-2012-3546        org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before ...
CVE-2012-3544        Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not ...
CVE-2012-2733        java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP ...
CVE-2012-0022        Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before ...
CVE-2011-5064        DigestAuthenticator.java in the HTTP Digest Access Authentication ...
CVE-2011-5063        The HTTP Digest Access Authentication implementation in Apache Tomcat ...
CVE-2011-5062        The HTTP Digest Access Authentication implementation in Apache Tomcat ...
CVE-2011-4858        Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 ...
CVE-2011-3375        Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not ...
CVE-2011-3190        Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 ...
CVE-2011-2526        Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before ...
CVE-2011-2204        Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before ...
CVE-2011-1582        Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a ...
CVE-2011-1475        The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not ...
CVE-2011-1419        Apache Tomcat 7.x before 7.0.11, when web.xml has no security ...
CVE-2011-1184        The HTTP Digest Access Authentication implementation in Apache Tomcat ...
CVE-2011-1183        Apache Tomcat 7.0.11, when web.xml has no login configuration, does ...
CVE-2011-1088        Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity ...
CVE-2011-0534        Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not ...
CVE-2011-0013        Multiple cross-site scripting (XSS) vulnerabilities in the HTML ...
CVE-2010-4312        The default configuration of Apache Tomcat 6.x does not include the ...
CVE-2010-4172        Multiple cross-site scripting (XSS) vulnerabilities in the Manager ...
CVE-2010-3718        Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running ...
CVE-2010-2227        Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 ...
CVE-2010-1157        Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might ...
CVE-2009-3548        The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 ...
CVE-2009-2902        Directory traversal vulnerability in Apache Tomcat 5.5.0 through ...
CVE-2009-2901        The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and ...
CVE-2009-2693        Directory traversal vulnerability in Apache Tomcat 5.5.0 through ...
CVE-2009-0783        Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...
CVE-2009-0781        Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ...
CVE-2009-0580        Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...
CVE-2009-0033        Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...
CVE-2008-5515        Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 ...
CVE-2008-3271        Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers ...

Security announcements

DSA / DLA   Description
DLA-746-2   tomcat6 - regression update
DLA-746-1   tomcat6 - security update
DLA-728-1   tomcat6 - security update
DLA-622-1   tomcat6 - security update
DSA-3530-1  tomcat6 - security update
DLA-435-1   tomcat6 - security update
DLA-232-1   tomcat6 - security update
DLA-91-2    tomcat6 - regression update
DLA-91-1    tomcat6 - security update
DSA-2725-1  tomcat6 - several
DSA-2401-1  tomcat6 - several
DSA-2160-1  tomcat6 - several
